Research Experience Qualification Publications
Pierre Parrend – Scientific activities

Pierre Parrend, PhD
Senior Research Scientist
239, Route de la Wantzenau
67000 Strasbourg
France
married
Telephone : +33 (0) 3 69 26 29 80, +33 (0) 3 69 23 29 80
E-mail : [email protected]/[email protected]
Web page : http://www.rzo.free.fr
Driving License
IEEE Computer Society and ACM Member, active with the OWASP (Open Web Service Security Project) and ISSECO (International Secure Software Engineering Council) Associations.

Scientific Activities
Last update: 07 March 2010

Research Experience

2008-2010: Senior Research Scientist, FZI Karlsruhe – Research Center for Information Technology at the University Karlsruhe, Software Engineering Domain. Team of Prof. R. Reussner (SDQ Institute, Software Design and Quality, KIT – Karlsruhe Institute of Technology).

2005-2008: PhD, INRIA Amazones Team, CITI Laboratory, INSA-Lyon.
Ph.D. Thesis Subject: Software Security Models for Service-Oriented Programming (SOP) Platforms. (in English)
Ph.D. Advisors: Stéphane Frénot, Stéphane Ubéda.
Ph.D. Status: Government Grant at the CITI Laboratory + Teaching Assistant Position at the IUT Lumière Lyon 2 (Statistics Department).
Thesis Jury :
Dr Cíaran Bryce, CUI, Université de Genève
Pr Didier Donsez, LIG, UJF, Grenoble
Dr Stéphane Frénot, CITI, INSA de Lyon
Dr Pierre-Etienne Moreau, INRIA Lorraine
Pr Ralf Reussner, SDQ-IDP, Technische Universität Karlsruhe
Pr Stéphane Ubéda, CITI, INSA de Lyon
Defense date: 9.12.2008
Rapporteur Directeur de Thèse Rapporteur Directeur de Thèse

2004-2005: Master of Research, ICTT Laboratory, Ecole Centrale de Lyon. Subject: "TCAO (travail collaboratif assiste par ordinateur), MDE (Model Driven Engineering) et Ontologies : vers la generation automatique d'applications collaboratives". Supervisor: Bertrand David.

03.2004-06.2004 : CITI Laboratory, INSA Lyon. Topic: formal validation for embedded systems.
Qualification

2009: Qualified as allowed to apply for ‘Maitre de conférences’ tenure positions by the French CNU (Commission nationale des Universités), section 27 (Computer Sciences). Qualification ID: 09227195758.

Publications

Book Chapter

Security for Java Platforms, Pierre Parrend, Chapter in `Java Software', Nova Publishers, New York, 2009, 29 pages.

International Journals

Security Benchmarks of OSGi Platforms: Toward Hardened OSGi, Pierre Parrend, Stephane Frénot, Software, Practice and Experience. Accepted for publication (September 2008; Impact Factor: 2003, 0,57, 2002: 0,65).

National Journals

Vérification automatique pour l’exécution sécurisée de composants Java, Pierre Parrend, Stephane Frenot, Revue l'Objet, numéro special 'Composants, services et Aspects: techniques et outils pour la vérification'.

International Conferences

I-JVM: a Java Virtual Machine for Component Isolation in OSGi, Nicolas Geoffray, Gael Thomas, Gilles Muller, Pierre Parrend, Stephane Frenot and Bertil Folliot, 39th IEEE/IFIP Conference on Dependable Systems and Networks (DSN), Lisbon, Portugal, 2009.

Enhancing Automated Detection of Vulnerabilities in Java Components, Pierre Parrend, Fourth International Conference on Availability, Reliability and Security (AReS 2009), 2009 (8 pages IEEE CS ; acceptance rate : 25%).

Classification of Component Vulnerabilities in Java Service Oriented Programming (SOP) Platforms, Parrend, Stéphane Frenot, Conference on Component-based Software Engineering, Karlsruhe, Germany, 14-17 October 2008 (Impact Factor: 2007, 0.04; 2006, 0.06; 2005, 0,14; Acceptance Rate: 30%), 18 pages LNCS.

Component-based Access Control: Secure Software Composition through Static Analysis, Pierre Parrend, Stéphane Frenot, Software Composition, Budapest, Hungary, 29-30 March 2008 (Acceptance Rate: 21%), 18 pages LNCS.
Monitoring Scheduling for Home Gateways, Stephane Frenot and Yvan Royon and Pierre Parrend and Denis Beras, NOMS 2008, Salvador de Bahia, Brazil, 7-11 April 2008, 6 pages IEEE.

Identity-Based Cryptosystems in the OSGi Service Platform, Samuel Galice, Pierre Parrend, Stéphane Frenot, Stephane Ubeda, International Conference on Emerging Security Information, Systems and Technologies, IARIA SecurWare 2007, Valencia, Spain, October 2007 (acceptance rate: 28%), 8 pages IEEE CS.

A Security Analysis for Home Gateway Architectures, Pierre Parrend and Stephane Frenot, International Conference on Cryptography, Coding & Information Security, CCIS 2006, November 24-26 2006, Venice, Italy, 6 pages IEEE CS.

Use of Ontologies as a Way to Automate MDE Processes, Pierre Parrend, Bertrand David, Proceedings of IEEE EuroCon Conference, 21-24 November 2005, Belgrad, Serbia, 4 pages IEEE.

National Conferences

N. Geoffray, G. Thomas, G. Muller, P. Parrend, S. Frénot, and B. Folliot. I-JVM: une machine virtuelle Java pour l'isolation de composants dans OSGi. In Conférence Française sur les Systèmes d'Exploitation, Toulouse, France, September 2009.

Industrial Conferences

Multi-service, Multi-protocol Management for Residential Gateways Home Network Management, Y. Royon, P. Parrend, S. Frénot, S. Papastefanos, H. Abdelnur, D. Van de Poel, S. Frenot, BB Europe, Antwerp, December 3-6, 2007, 4 pages IEEE CS.

International Workshops

Privacy-Aware Service Integration, Pierre Parrend, Stephane Frenot, Sebastian Hoehn, Services Integration in Pervasive Environments, Istanbul, Turkey, July 2007 (acceptance rate: 47%), 6 pages IEEE CS.

Supporting the Secure Deployment of OSGi Bundles, Pierre Parrend, Stephane Frenot, First IEEE WoWMoM Workshop on Adaptive and DependAble Mission- and bUsiness-critical mobile Systems, Helsinki, Finland, 18 June 2007 (acceptance rate: 44%), 6 pages IEEE CS.
Service-Oriented Distributed Communities in Residential Environments, Pierre Parrend, Yvan Royon and Noha Ibrahim, 1st IEEE International Workshop on Services Integration in Pervasive Environments June 29, 2006, Lyon, France (acceptance rate: 70%), 6 pages IEEE CS.

Poster

Dependability for Component Systems Deployment, Pierre Parrend, Stéphane Frénot, Poster, first EuroSys Conference 2006, Leuven, Belgium, April 18-21 2006.

Technical Reports

I-JVM: a Java Virtual Machine for Component Isolation in OSGi, Nicolas Geoffray, Gael Thomas, Gilles Muller, Pierre Parrend, Stephane Frenot and Bertil Folliot, INRIA Research Report n°6801, January 2009, 24 pages (also published in DSN’2009).

More Vulnerabilities in the Java/OSGi Platform: a Focus on Bundle Interactions, Pierre Parrend, Stephane Frenot, INRIA Research Report n°6649, September 2008, 81 pages.

Java Components Vulnerabilities - An Experimental Classification Targeted at the OSGi Platform, Pierre Parrend, Stéphane Frenot, INRIA Research Report n° 6231, June 2007, 90 pages.

Deliverable DB3.4 - Specification of Residential Gateway configuration, Edited by Olivier Festor, Sam D'Haesseler, 23/03/2006, IST Project n°026442 Muse.

Parrend, P. & Frenot, S., Secure Component Deployment in the OSGi(tm) Release 4 Platform, INRIA Technical Report n°0323, June 2006, 49 pages.

Comparison and temporal validation of automotive real-time architectures, K. Godary, P. Parrend, and I. Augé-Blum, Technical report, CITI, INSA de Lyon, 2004.

PhD Thesis

Software Security Models for Service-Oriented Programming (SOP) Platforms, Pierre Parrend, PhD Thesis, INSA de Lyon. 2008/12/09.

Master Theses

MDE et CSCW Groupware Travail Coopératif capillaire, Pierre Parrend, Master of Research Thesis, ICTT Laboratory, Ecole Centrale de Lyon, June 2005. Under direction of Bertrand David.

Validation temporelle d'architectures embarquées pour l'automobile, P. Parrend and I. Augé-Blum, Professional Master Thesis, CITI Lab, INSA de Lyon, July 2004.
Edited Documents

Software-Industrialisierung, Editors: Franz Brosch, Henning Groenda, Lucia Kapova, Klaus Krogmann, Michael Kuperberg, Anne Martens, Pierre Parrend, Ralf Reussner, Johannes Stammel, Authors: Emre Taspolatoglu, Anton Truong, Christian Baumgart, Tom Beyer, Philipp Meier, Internal Report 2009-4 of the Faculty for Computer Sciences, University of Karlsruhe, ISSN 1432-7864.

Invited Talks

20.11.2009: Challenges for Secure Clouds, Trendkongress NetEconomy Karlsruhe, Germany.
27.10.2009: Security in OSGi Applications : Robust OSGi Platforms, secure Bundles, OSGi User Group Germany, Ludwigsburg.
16.10.2009: OSGi Security, OSGi User Group France, Grenoble.
23.06.2009: Harden Your Java Components (long version), Entwicklertag (Developer Day) 2009, Karlsruhe, Germany (with selection).
6.03.2009: A software engineering approach for building secure Java/OSGi platforms, GI (German Informatic Society) Fomsess (Formal Methods and Software Engineering for Safety and Security) annual meeting, Karlsruhe, Germany.
23.02.2009: Harden your Java Components, OWASP Day 3 – Industry-research day, Bari, Italy (with selection).
15.10.2008: Security risks and solutions for OSGi-based environments, Seminar at Bell Labs, Alcatel-Lucent, Antwerpen, Belgium.
14.05.2008: Security for the Java/OSGi Extensible Component Platform, Seminar at SAP Research Karlsruhe.
29.10.2007: A Dependability Framework for building secure Dynamic Component Systems, Seminar at the Institute for Software Design and Quality (SDQ), TU Karlsruhe.
24.07.2007: Dependability for Java Mobile Code - a Pragmatic Research View, Swiss OWASP Group meeting.
19.06.2006: OSGi Release 4 Security Layer: Signature de Bundles (French), OSGi User Group France meeting.

Technical Documentations

2010 : 2009 : 2007 : 2006 : 2005 :

Chapter ‘Malicious Code Search’ of the ‘Development Guide’ of the OWASP (Open Web Application Security Project).
Chapters ‘Methodologies’ and ‘Deployment’ of the training Syllabus for the ISSECO (International Secure Software Engineering Council) Certification ‘Certified Professional for Secure Software Engineering’.

Member of the review team for the OWASP ASVS (Application Security Verification Standard).

OSGi Security Documentation Center: http://sfelix.gforge.inria.fr/osgi-security/

OWASP Java Project: Bytecode Obfuscation, Signing Jar File with Jarsigner, Protecting Code Archive with Digital Signature (see https://www.owasp.org/index.php/Category:OWASP_Java_Project ).

OPS4J Project: 'A quick start with OSGi Logging, the OPS4J library' (see http://wiki.ops4j.org/confluence/display/ops4j/How+to+use+Pax+Logging ). Original version of the 2007 articles.

Introduction to MDA: Principles, and Practical Introduction (see http://www.sciences.univ-nantes.fr/lina/atl/bibliography/Parrend_05 and http://pparrend.developpez.com/ ).

Teaching

For course material, please see: http://www.rzo.free.fr/teaching.php.

Participation in logistics for courses by the SDQ (Software Design and Quality) Institute of the University Karlsruhe (Development with Eclipse, Software Industrialization).

Reviewer in the course ‘PI – Projets Industriels’ (Industrial Projects), Telecom Department, INSA Lyon.

09-2007: In charge of a practical session at the 2007 summer school of the French OSGi User Group (6 hours).

2005-2008 : 3 year teaching contract ('Moniteur') as part time teacher in Computer Engineering at University of Lyon 2. In charge of a Database Course for 3d year students; Academic Tutor for 1st year student internships (2), 3d year student internship (1); participation in following courses: web development, Java language, PHP, Access (196 hours).

2004-2005 : Teacher at Lyon Sciences-U school, 3d and 4th year of Study. In charge of following courses: Java Language, Telecommunications, Software Engineering (107 hours).
Occasional participation in ‘Operating Systems’ course at the Telecommunication department of the INSA Lyon.

09.2004 : Training course in Office Automation for first College year students, University of Lyon 2 (92 hours).

2000 : Math tutorial for first year Mechanical Engineering students, Technical University Karlsruhe, Germany (24 hours).

2008-2009:

Students

2008-2010 : Francois Goichon Master of Science, INSA-Lyon. Data flow analysis for secure object oriented components. Together with Stéphane Frénot (INSA-Lyon).

Christina Pildner Master in Computer Science, University Karlsruhe. Theme: ‘Modelbased analysis of vulnerabilities in object oriented modules’.

Yun Lin Master in Computer Science, University Karlsruhe. Theme: ‘Performance analysis for automotive architecture models’. Together with Nico Adler and Philipp Graf (FZI).

Student developers at FZI. 2008-2010 : Erik Lübke; Volodymyr Borovik.

02/07-2008 : Stéphane Chevalier End-of-Study Internship (CPE Engineer School), together with Stéphane Frénot. Theme: Logging of component communications in the OSGi Platform.

Participation in Research Projects

In charge of the coordination of the QAKAOS project proposal for the German program ‘KMU-Innovativ’ with SMEs: Eclipse Source, andrena object Karlsruhe.

In charge of the coordination of the WIRTUE STREP proposal for the FP7-ICT-2009-5.

2009: FZI representative in the CBS IP proposal. Representative of the FZI for the CBS project (FP7-ICT-2009-5., objective 1.4 ‘trustworthy systems’).

Participation in the redaction of the Moon ANR Project proposal.

2008: Participation in the LISE ANR Project (Liability Issues in Software Engineering). Meeting 2008: in Grenoble (27-28.02.2008), Organization of the Meeting in Lyon (July 2008).

2005-2008 : Participation in the Muse IST Project n°026442 (Advanced ADSL Gateways). Meetings in Den Haag (Netherlands), 04.2006, Bilbao (Spain), 10.2006. Integration of the SFelix Code in Alcatel Demonstrator.
2010:

Industrial Projects

2009: 2008 - 2010 :

Participation at the definition of the Syllabus of the ISSECO association for professional training in secure software engineering: chapters ‘Methodologies’ and ‘Secure Deployment’.

Project Manager of the FAST (FZI Assessment Tools) internal Project in the FZI Karlsruhe. Goal: valorization of research tools. Team size: 10 persons, part-time.

Development

Development Projects with research scope (Available on INRIA SourceForge):
Stanja: Eclipse plug-in for identification of security flaws in object-oriented components (together with Christina Pildner).
SFelix: secure version of the Felix Platform (http://sfelix.gforge.inria.fr/)
SF-JarSigner: Signature and Deployment of OSGi bundles (http://sf-jarsigner.gforge.inria.fr/)
Malicious Suite: Malicious Components that exploit OSGi vulnerabilities

Organization

02.2010: Organization of the ‘FZI-im-Dialog’ seminar and networking event. Target audience: 100 IT managers and experts from Karlsruhe and the region.
07.2009: Organization of the Eclipse Application Developer Day (EADD) Karlsruhe 2009.
07.2008: Organization of a meeting of the French ANR Lise (Liability Issues in Software Engineering) Project, Lyon.

Committee membership and scientific reviews

2010: 2009 : 2008 : 2007 : 2006 :

Part of the Program Committee for the SPCC Workshop (Security and Privacy in Cloud Computing). Brussels, Belgium, January 29, 2010.

Part of the Program Committee for the SecSE (Secure Software Engineering) Workshop. To be held with the ARES Conference.

Part of the Program Committee for the Septis (Security and Privacy in Telecommunications and Information Systems) Workshop at the IEEE SITIS Conference.

Part of the Program Committee for SAR-SSI (Conférence sur la Sécurité des Architectures Réseaux et des Systèmes d'Information) 2009.

Part of the Program Committee for SIPE’2009 (Integration in Pervasive Environments).
Part of the Program Committee of IARIA ICIMP (International Conference on Internet Monitoring and Protection) and Securware (International Conference on Emerging Security Information, Systems and Technologies) 2009.

Member of the Reviewer Team of IEEE Potentials (Total of 20+ papers).

Member of the Technical Program Committee of the IARIA conferences Securware; Coreviewer with Stéphane Frénot for the WOSA Workshop, SERA Workshop, Notere and DSOM Conference.

Review for the OWASP (Open Web Application Security Project) Summer of Code 2008 for 2 projects: Application Security Verification Standard, OpenSign (Online code signing and integrity verification service) Server.

Part of the Shadow PC for the CoNext 2008 Conference, Madrid, Spain.

Member of the Reviewer Team of IEEE Potentials.

Member of the Technical Program Committee of the IARIA conferences ICGD&BC (First International Conference on Global Defense and Business Continuity) and SECURWARE (International Conference on Emerging Security Information, Systems and Technologies).

MIT Press Book 'At your Service', Review of the achievements of the European FP6 Research Framework in Service Oriented Architecture.

NOTERE Conference (New Technologies for Distributed Systems), 2 papers read as coreviewer.

IST Muse Project, Chapter 9, Milestone 3, Task Force 3.

IST Muse Project, 'AAA in the Muse Infrastructure' end-of-project deliverable, Task Force 1.

Member of the Reviewer Team of IEEE Potentials.

NOTERE Conference (New Technologies for Distributed Systems), 2 papers read as coreviewer with S. Frénot.

Misc.

Training

Management: Scientific Training : Innovation : Teaching :

Keys2Competence Seminar rows and coaching: ‘Management for young scientifics’, Karlsruhe Institute for Technology (KIT), 10.2009-05.2010.

ICAR (Integration et Construction d'Applications Réparties) Summer School 2006, Autrans, August 2006, France; Lugano Summer School on Dependable Systems, July 2006, Swiss.
Building an innovative Firm (2007, Créalys, Lyon), Legal Software Protection (2007, Insavalor, Lyon), IEEE Seminar 'Leadership and Management', France (in English), 10.2004, Le Mans, France.

Evaluation in the teaching process, Handling risky behaviors (CIES Lyon, 2007), Building an online course, Training Trainers (CIES Lyon, 2006), The 'IUT en Ligne' Platform (Nimes).